Ormandy notes that one of the vulnerabilities is so worrying that just emailing a file to a victim or sending them a link to an exploit is enough to trigger it: “the victim does not need to open the file or interact with it in any way.

“Because no interaction is necessary to exploit it, this is a wormable vulnerability with potentially devastating consequences to Norton and Symantec customers.”

Symantec was briefed on the problems and, shortly before the Project Zero comment, it released its own advisory notes – listing 25 affected products in total – with a patch rolled out for the problems.

Indeed, Ormandy credits Symantec with bringing out a raft of fixes that should be automatic updates for users but, just in case, best check that you’re running the latest version of your product.

Symantec, in turn, thanked Ormandy for pointing out the problem, “and working closely with us as we addressed the issues”.

It has advised users to limit administrative privileges to a small number of people, with remote access allowed only for those people.

Other obvious recommendations include things like maintaining up-to-date software, running “under the principle of least privilege” and fighting back by running firewalls, anti-malware apps and antivirus software to provide the best chances of catching issues early on.